Let’s face it. We can’t live without Bluetooth anymore. Our headphones, mobiles, keyboards, cars, and all kinds of electronic devices get internet links and interact with us through this technology. It’s here to stay, and it’s only becoming more prevalent. However, Bluetooth’s success begs the question about the technology’s security status: how safe is Bluetooth?
Well, it’s safer than WiFi for the most part. But every technology has vulnerabilities, and Bluetooth is no exception. For example, third parties could intercept your Bluetooth data. And would it be so terrible if somebody figured out what you’re listening to with your Bluetooth headphones? The problem is that a Bluetooth connection can give away much more information and data from any device you use to store your most sensitive data.
So join us as we tell you all about Bluetooth. What is it? How does it work? How can somebody attack you through Bluetooth? And, most importantly, how can you keep your Bluetooth activities safe? This article will answer all these questions and much more.
Bluetooth: What is it?
You probably have used Bluetooth technology to connect your iPhone to AirPods or your most-loved music program to a speaker.
Bluetooth is a communications protocol that creates a local network wirelessly linking nearby devices. So, for example, Bluetooth can allow your phone to connect with your headphones and use them as an audio output device without a cable.
It’s an open standard. That means that it’s a technology freely available to anybody. You don’t need to have a license to use it. This feature has helped Bluetooth become popular, and many devices adopt it daily.
Bluetooth is Jaap Haartsen’s brainchild, an Ericsson employee at the time — the early nineties. It is generally safe to connect devices through Bluetooth to one another. It is because the devices operate on a range of frequencies, and they hop between them hundreds of times a second.
In our current markets, you can find a wide variety of objects featuring Bluetooth functionality, from smartwatches to fridges.
How does it work?
Bluetooth eliminates cable connections in data exchanges between two pieces of hardware. Instead, it uses UHF radio waves of about 2.4 GHz.
Speed, security, ease of use
Bluetooth needs objects in close proximity to connect them and create a link that allows data to flow in both ways. The typical range is about 10 meters (or 30 feet). Bluetooth devices do not interfere with nearby signals of a similar frequency because every individual signal is weak.
The first step in creating a Bluetooth link is called “pairing.” It’s when you connect two Bluetooth devices for the first time. Every new pairing needs approval, which makes it relatively safe. Once you introduce two Bluetooth to each other through a first pairing, they will remember it in the future links will happen automatically whenever those two gadgets find each other again.
Bluetooth’s radio signals are weak, but they are still effective. So that audio you’re hearing in your headphones from YouTube right now, for instance, arrives in your ears instantly through your Bluetooth link.
Each local Bluetooth network admits up to eight devices. However, each network has one master device only, which is the one that can send data to the rest, which act as “receivers.”
Frequency Hopping
Frequency Hopping is one of the best built-in features in Bluetooth technology. That means the Bluetooth link keeps changing between channels within the 2.4 GHz range to keep the connection strong, stable, and reliable.
The Bluetooth protocol includes 79 frequencies. So, even if you have many Bluetooth networks co-existing in a small space, there are plenty of available frequencies for every device to choose from without mutual interference.
The uses of Bluetooth
Bluetooth is everywhere these days. It’s part of our daily routine because we use it in several ways, and we have it so assimilated that we hardly think about it anymore.
- Sharing files. Videos, photos, music files, and documents. You can transfer them between Bluetooth-enabled devices quickly.
- Device pairing. You can use a Bluetooth speaker to play music wirelessly from your phone, tablet, or computer. In addition, there are wireless Bluetooth mice, keyboards, and printers. Besides, most modern cars have Bluetooth integrated to play music, have hands-free calls, navigate, reply to messages, and more.
- Health monitoring. Fitness trackers are an example of a helpful Bluetooth device that monitors your health or your gym activity. There are also Bluetooth-enabled pacemakers. Most smartwatches will connect to your phone and keep track of your blood pressure, oxygenation, and pulse.
- Creating a hotspot. Suppose you don’t have the internet on your computer, but your phone is online through your mobile provider. You can tether your mobile connection to use your phone as a WiFi hotspot and share it with your computer.
- Home security. The latest home security systems are online, and you can manage them through Bluetooth signals on your phone, which also acts as an access key.
- Protecting your devices. Some programs lock down your computer unless your phone is within Bluetooth range. Since your mobile is supposed to be near you always, this guarantees that your computer can only be used if you’re near it.
Bluetooth advantages and disadvantages
There is no doubt about Bluetooth’s convenience and other advantages. But no technology is ever perfect, and Bluetooth has disadvantages too. So let’s look at both sides of the coin.
Advantages
- Automatic and easy. A pair of devices that already know how to find each other will do so automatically as soon as they’re online.
- Wireless. Doing away with cords and their corresponding and unavoidable tangles is lovely.
- Compatibility. You can find all kinds of devices enabled with Bluetooth. A beautiful thing about this protocol is that the operating system or manufacturer is utterly irrelevant. It always works.
- Multiple devices. A “master” device in a local Bluetooth network can feed information to seven other devices.
- Security. Every new Bluetooth pairing requires user approval, and these connections only work over very short distances. So it’s almost impossible for you to get surprised (unless you deliberately put your Bluetooth security at risk by enabling unpaired connections).
Disadvantages
- Health issues. There is no evidence of any health issues related to Bluetooth. However, the Bluetooth frequencies are in the microwave range known to interact with living tissues. So while there is no evidence, the jury is still out.
- Energy consumption. Bluetooth devices are very efficient and work with a relatively low amount of power. However, many gadgets are always online, so you need to charge them frequently. If your phone or tablet has Bluetooth, your battery will drain quickly.
- Easy to locate. Bluetooth-enabled devices can easily find their “peers” as soon as they are in the range. That’s very convenient for the user. Unfortunately, it’s even more convenient for hackers who can find out what’s on the menu without effort. It is risky when your devices are in public.
- Limited range. Bluetooth connections are only reliable within a distance of 10 meters.
- Slow speeds. The latest Bluetooth versions keep getting faster. Nevertheless, they remain very slow compared to WiFi connections, never mind wired links.
Is Bluetooth very safe?
No digital technology is 100% safe, let alone when it’s wireless. Bluetooth signals are susceptible to malware attacks, including malvertising, according to the internet of things security companies.
While the need to authorize by hand every new Bluetooth pairing and the short-range, it has helped make this technology much safer than, for example, WiFi. However, it still has vulnerabilities. Hackers know three methods to compromise Bluetooth connections: bluesnarfing, bluejacking, and blue bugging. Let’s explore them.
Bluejacking
In this attack, a Bluetooth-enabled device hijacks another to flood it with spam messages. It’s mainly annoying, more than dangerous. However, since these spam messages often include phishing attempts, there’s always the danger that the user will fall for them, following the wrong link, and so forth. In addition, the malicious link will try to steal information from the user or spread malware into the device in question, bringing the attack to a new level.
Bluebugging
This one is different. The hacker manages to set up a stealth Bluetooth link to your phone or your computer. The link, in turn, allows them to exploit a backdoor into your system. Once they’re in, they can literally own your computer behind your back and spy on everything you do, copy your most sensitive information or even use your computer to impersonate you on any software installed on your device –which is particularly serious if you have banking apps.
Bluesnarfing
Bluesnarfing is like Bluejacking’s older brother. Here a device also hijacks another Bluetooth gadget, but it doesn’t limit itself to sending spam. It extracts information too, which is why it’s way more dangerous. Your data becomes vulnerable in this situation (pictures, emails, text messages, documents, etc.). The worst thing is that these files and data can give the hacker enough information to identify you or, for other purposes, all of them nefarious.
Cases of Bluetooth attacks
You need to know this: any device with Bluetooth is vulnerable to the protocol’s security threats. This type of hacking is not the most frequent one. However, it’s there and gives a determined hacker the tools he will need to do plenty of damage. Let’s see some examples.
2017 was the year of the BlueBorne attack. This technique showed how a Bluetooth device could get hacked without authorizing a pairing beforehand. Even worse, even those devices configured to be non-discoverable were vulnerable to this attack.
Once the hacker succeeds, he could become the device’s new owner, gaining complete control to extract any information he wants, gain access to specific networks, issue a ransomware threat, or install further malware. BlueBorne could hit almost every Bluetooth device at the time.
Then, in 2019, a group of hackers discovered an array of security loopholes in Apple’s macOS Bluetooth implementation. The result was that the Bluewave Zero-Click Bugs gave them the power to take over any Apple device they wished. And a few weeks later, the hackers of their world turned their attention to Android devices and came up with the BlueFrag leak, which gave them the power to steal data, spread a worm, or install stealth malware.
In 2021 an academic research group discovered no fewer than 16 Bluetooth vulnerabilities in most commercial chipsets. The new group of security loopholes became BrakTooth, allowing attackers to do anything from crashing a system to executing arbitrary code. The severity depended on the device in question, but it was mainly a generalized problem.
There’s no need to worry about those vulnerabilities. They have been patched already, so they’re not an issue for current Bluetooth users. However, the critical point to take away from these past examples is that a new vulnerability could arise at any moment, and it’s essential to be aware.
Bluetooth and privacy
With the information we’ve shown you so far, it would seem that hackers are the most frequent abusers of Bluetooth technology. But appearances will deceive you. Apps such as Google and Facebook take advantage of your phone’s Bluetooth capability to figure out your physical location in real-time.
Even if you turn off your phone’s Bluetooth feature, it will still recognize Bluetooth signals in its vicinity –the difference is that it won’t transmit. These signals give some apps enough information to pinpoint your position. In other words: they can monitor your position and movements at every moment and keep a log if they so wish. And to make things even worse, Bluetooth’s short range makes it more accurate than GPS when it comes to tracking a device.
And it’s no secret, either. If you read the privacy statement of many apps, they have no problem letting you know that they are using your Bluetooth chipset to know where you are. But, of course, nobody reads these texts, so very few people know this happens. The good news is that now you belong to the select group of aware users.
However, not everything is lost. For example, location tracking needs your authorization, so if you manually turn off this permission for the apps tracking you, you can keep your physical location private.
Bluetooth and security
So now you know. Bluetooth has both security and privacy loopholes that can put you at risk. Therefore, it’s wise to adopt a set of simple measures that can maximize your Bluetooth security at all times and avoid any nasty surprises. Let’s review them.
1. Keep your system updated
Keeping your devices updated is the best preventive measure for Bluetooth security. So get every security patch and update it as soon as it’s released. Amazon and Google, for example, issued updates for BlueBorne quickly, so preventing any problems was straightforward.
2. Set your device to not discoverable
A hacker’s first choice for a Bluetooth attack will be a near and discoverable device. So make their job harder. Set your Bluetooth to “not discoverable.” Each device has a particular way of doing it.
iOS
If you’re an iPhone user, Apple says that your iPhone is discoverable only when you have the settings > Bluetooth screen showing. Once you’re out of this screen, your iPhone is non-discoverable or available for other pairings.
macOS
On an Apple Mac, follow these steps:
- Open “System Preferences.”
- Pick “Sharing.”
- Find the Bluetooth Sharing box and uncheck it.
Android
If you’re on Google’s mobile operating system, then here’s what you need to do:
- Go to Menu > Settings > Bluetooth.
- Turn Bluetooth on.
- Pick “More connection settings.”
- Turn off the “Nearby scanning devices” option.
Windows 10
- Go to Start > Settings > Devices > Bluetooth & Other Devices.
- Turn your Bluetooth on.
- Pick “More Bluetooth Options.”
- Find the “Allow Bluetooth devices to find this PC” box and untick it.
3. Share information prudently on Bluetooth links
Sensitive information does not belong on the air, broadcasting to anybody who can intercept it. Remember: Bluetooth is vulnerable, so don’t use it to share data or files if you want to remain safe.
4. Mind your Bluetooth connections
Don’t accept Bluetooth connection requests if you’re unsure who’s asking and want it. It’s hard to believe that hackers use this simple strategy, but they do, and it works. So don’t do their job for them.
Turn off your Bluetooth
Your Bluetooth chipset is always sniffing for other Bluetooth devices it knows from the past to pair with them automatically. While this is very convenient, it’s also unsafe because it creates a vulnerability, making your phone readily available to attackers. So, unless you’re using your Bluetooth, please turn it off. It won’t only improve your safety but also extend your battery life. If you’re in a public space, like an airport, a hotel, a restaurant, and public WiFi hotspot, then be even more careful and keep your Bluetooth off until you need it.
5. Avoid public pairings
If you need to pair two devices through Bluetooth, perform the pairing in a safe place. Whenever you buy that cool new Bluetooth toy you wanted, keep it in its box until you get home. Please resist the temptation to immediately pair it to your phone or preferred device.
This strategy will keep your device non-discoverable as long as you’re in public. If you perform the pairing, it will have to be discoverable, at least for a moment.
6. Unpair old pairings
Don’t keep your device loaded with pairs for hardware you don’t use anymore. Each useless pairing is a vulnerability, and you need to avoid it. Instead, keep only the pairings you are sure to use frequently.
Bluetooth and VPNs
At this point, you could be wondering if a VPN will help you keep your Bluetooth secure.
We like VPNs. We want every reader to subscribe to a top-notch VPN to protect their privacy, security, and anonymity. VPNs are arguably the best digital security tool for internet users. But, alas, a VPN will not make your Bluetooth any safer.
The thing to realize is that Bluetooth security issues do not come from the internet, which is where the VPN can keep you safe. Instead, they come from your physical vicinity.
A VPN will protect you from a hacker near you by encrypting your traffic so that interception becomes pointless. However, your Bluetooth connections are strictly local, and the VPN doesn’t cover them. Thus, a nearby Bluetooth threat will remain under your VPN’s radar.
This is not a loophole in your VPN’s security features. It’s the nature of the beast. Bluetooth attacks are primarily physical, don’t come from afar, and are not based only on software interactions, which is where the VPN shines.
Bluetooth and antivirus software
The next logical question is whether an antivirus suite will help keep your Bluetooth links safe.
Let’s start by saying that a top-notch antivirus suite like Kaspersky is essential if you care about your online security.
But no, it won’t help you with Bluetooth security either. At least not directly.
There is a way in which a good antivirus will help you, anyway. Once an attacker links to your device, if he tries to inject malware into your system, the antivirus will detect and deal with it before it can do any damage. So while the antivirus will not prevent the Bluetooth attack, it will be useless.
Final thoughts
Bluetooth makes our digital experience easier, more enjoyable, and more convenient. We don’t have to deal with a wilderness of cords on every desk. Also, Bluetooth makes our devices more versatile and valuable.
With smartphones and tablets incorporating Bluetooth, the technology has become widely used. Unfortunately, although we use Bluetooth to connect earphones, cars, and other devices, it also has its own set of vulnerabilities.
However, let’s not forget that convenience and security do not go hand in hand. The more you surrender your decisions to automated processes (such as Bluetooth pairings), the more vulnerable you become to security issues. Every digital technology suffers from this flaw, and everything you gain in convenience comes at an increased security risk.
Bluetooth is vulnerable because every digital technology is. However, this is not a deal breaker. You can still enjoy most of the convenience Bluetooth brings to your digital lifestyle without any severe security risk if you have a good mobile VPN and adopt a few simple preventive measures, as described in this guide.
VPNs and antivirus suites won’t protect your Bluetooth directly. However, it would help if you had both anyway because they protect you from the consequences of Bluetooth attacks and are mandatory for any privacy-savvy user on the internet.
So enjoy all the goodness Bluetooth brings along! But always stay safe.
FAQs
No, it’s not. Your Bluetooth is safest when it’s turned off because that’s when hackers can’t find it or attack it. Of course, keeping your Bluetooth off at all times to improve its safety is a trivial solution that beats the purpose of having that technology. So use common sense. Keep your Bluetooth on only when you’re using it.
You can improve your Bluetooth security by adopting a few simple preventive measures:
1. Please turn it off whenever you don’t need it.
2. Set your device to not discoverable.
3. Keep your system updated.
4. Do not pair with unknown devices.
Bluetooth headphones emit nonionizing radiation in the form of radio waves and at very low intensity. The FDA considers this type of radiation safe for humans.
Have a look at your Bluetooth settings. You will find a list of all the devices paired through your Bluetooth radio signal. If you find a connection that looks wrong, turn it off immediately.